Bug #1293
closed
error when trying to view puppet certificates
Description
I'm getting this error when clicking on Settings -> Smart Proxies -> Certificates . It appears that the proxy is correctly invoking puppetca via sudo.
# rpm -qa | grep foreman foreman-0.4-0.1rc4.noarch foreman-proxy-0.3-0.1rc2.noarch foreman-release-1-1.noarch
The HTTP 500 error message that's returned:
The following error message was observed:
smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
foreman production.log (IP/hostname's changed)
Processing SmartProxies::PuppetcaController#index (for 1.1.1.1 at 2011-11-02 12:01:29) [GET]
Parameters: {"smart_proxy_id"=>"1-ctrl"}
Rendering template within layouts/application
Rendering smart_proxies/puppetca/index
ActionView::TemplateError (smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl"}) on line #23 of app/views/smart_proxies/puppetca/index.html.erb:
20: <td><%= h cert.fingerprint %></td>
21: <td>
22: <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :method => :put) if cert.state == "pending" %>
23: <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :confirm => 'Are you sure?', :method => :delete) if cert.state != "revoked" %>
24: </td>
25: </tr>
26: <% end -%>
app/helpers/application_helper.rb:105:in `display_link_if_authorized'
app/views/smart_proxies/puppetca/index.html.erb:23
app/views/smart_proxies/puppetca/index.html.erb:14:in `each'
app/views/smart_proxies/puppetca/index.html.erb:14
app/helpers/application_helper.rb:105:in `display_link_if_authorized'
app/views/smart_proxies/puppetca/index.html.erb:23
app/views/smart_proxies/puppetca/index.html.erb:14:in `each'
app/views/smart_proxies/puppetca/index.html.erb:14
Rendering template within layouts/application
Rendering common/500 (500)
[root@ctrl foreman]#
foreman-proxy proxy.log
D, [2011-11-02T12:01:29.999297 #1732] DEBUG -- : Found puppetca at /usr/sbin/puppetca D, [2011-11-02T12:01:29.999440 #1732] DEBUG -- : Found sudo at /usr/bin/sudo D, [2011-11-02T12:01:29.999493 #1732] DEBUG -- : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
sudo invocation in /var/log/secure
Nov 2 12:01:30 ctrl-27 sudo: foreman-proxy : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/puppetca --list --all
Updated by Andreas Ntaflos about 13 years ago
Same problem here on Ubuntu 10.04, using Foreman 0.4-~nightlybuild1320199902 and Smart Proxy 0.3-~nightlybuild1320199883, along with Puppet 2.7.6.
Invoking puppetca --list --all as user foreman via sudo apparently works fine, listing all certificates correctly. Can we do anything to help debug this?
Updated by Andreas Ntaflos about 13 years ago
I suppose the following error is related to the problems described above. I get this when trying to provision a new host (using Ubuntu, PXE and Preseed). Booting the installer works fine, the problem appears when the Debian installer tries to retrieve its specified preseed file (as in http://puppet.example.com/foreman/unattended/provision). This shows up as a 500 error to the client, while the Foreman production log shows this:
Processing UnattendedController#provision (for 10.59.1.133 at 2011-11-03 19:37:58) [GET] Found RISELANCCR01.rise-s.com **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release Permission denied - /etc/puppet/autosign.conf /usr/lib/ruby/1.8/fileutils.rb:1033:in `initialize' /usr/lib/ruby/1.8/fileutils.rb:1033:in `open' /usr/lib/ruby/1.8/fileutils.rb:1033:in `touch' /usr/lib/ruby/1.8/fileutils.rb:1027:in `each' /usr/lib/ruby/1.8/fileutils.rb:1027:in `touch' /usr/share/foreman/vendor/plugins/proxy/lib/proxy.rb:131:in `sign' /usr/share/foreman/app/models/host.rb:210:in `handle_ca' /usr/share/foreman/app/controllers/unattended_controller.rb:141:in `handle_ca' Rendering common/500 (500)
Updated by Ohad Levy about 13 years ago
Does the following solves your issue?
diff --git a/app/views/smart_proxies/index.html.erb b/app/views/smart_proxies/index.html.erb
index 1c0d387..6a31a0e 100644
--- a/app/views/smart_proxies/index.html.erb
+++ b/app/views/smart_proxies/index.html.erb
@@ -17,7 +17,7 @@
<td><%=h proxy.features.to_sentence %></td>
<td class="ra">
<% if proxy.features.include? Feature.find_by_name("Puppet CA") -%>
- <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy) %>
+ <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy.to_param) %>
<%= display_link_if_authorized "Autosign | ", hash_for_smart_proxy_autosign_index_path(:smart_proxy_id => proxy) %>
<% end -%>
<% if SETTINGS[:unattended] and proxy.features.include? Feature.find_by_name("DHCP") -%>
Updated by Joshua Hoblitt about 13 years ago
The patch applied cleanly to 0.4-0.1rc4, restarted apache (running foreman under passenger), and it looks like we're still getting the same error:
The following error message was observed:
smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
Updated by Ohad Levy about 13 years ago
how about ?
diff --git a/app/views/smart_proxies/puppetca/index.html.erb b/app/views/smart_proxies/puppetca/index.html.erb
index 90d625d..21037bb 100644
--- a/app/views/smart_proxies/puppetca/index.html.erb
+++ b/app/views/smart_proxies/puppetca/index.html.erb
@@ -19,8 +19,8 @@
<td><%= time_column cert.expires_at, :tense => :future %></td>
<td><%= h cert.fingerprint %></td>
<td>
- <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :me
- <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert),
+ <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to_pa
+ <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to
</td>
</tr>
<% end -%>
Updated by Greg Sutcliffe about 13 years ago
I'm also hitting this. Ohad, your patch looks malformed - the lines are truncated, so I can't test it. I can confirm that simply removing the Destroy link makes the page function again, although of course you cannot revoke certificates :)
Updated by Ohad Levy about 13 years ago
- Target version set to 1.0
Ok, how about?
diff --git a/app/models/smart_proxies/puppet_ca.rb b/app/models/smart_proxies/puppet_ca.rb
index c951904..ac68970 100644
--- a/app/models/smart_proxies/puppet_ca.rb
+++ b/app/models/smart_proxies/puppet_ca.rb
@@ -7,6 +7,7 @@ class SmartProxies::PuppetCA
def initialize opts
@name, @state, @fingerprint, @valid_from, @expires_at, @smart_proxy_id = opts.flatten
+ @name.strip!
@valid_from = Time.parse(@valid_from) unless @valid_from.blank?
@expires_at = Time.parse(@expires_at) unless @expires_at.blank?
end
Updated by Paul Mooring about 13 years ago
That change didn't fix it, but I'm having the same problem on a version from the yum repository, rpm -q says:
foreman-0.4-0.2.noarch
foreman-proxy-0.3-0.2.noarch
are the versions I'm running.
Updated by Ohad Levy about 13 years ago
- Target version changed from 1.0 to 0.4.1
Updated by Greg Sutcliffe almost 13 years ago
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
--- a/app/models/smart_proxies/puppet_ca.rb
+++ b/app/models/smart_proxies/puppet_ca.rb
@@ -20,7 +20,7 @@ class SmartProxies::PuppetCA
api = ProxyAPI::Puppetca.new({:url => proxy.url})
certs = api.all.map do |name, properties|
- new([name, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id])
+ new([name.strip, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id])
end.compact
# save our CA details for 5 seconds
Updated by Yun Zheng Hu almost 13 years ago
Greg Sutcliffe wrote:
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
[...]
I can confirm that this works
Updated by Ohad Levy almost 13 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset 23b12ba7aea93e099e5c5d57361835d73323d6da.